As noted in the first installment of our "Privacy Solution Series," we are outlining various user-empowerment or user "self-help" tools that allow Internet users to better protect their privacy online-and especially to defeat tracking for online behavioral advertising purposes. These tools and methods form an important part of a layered approach that we believe offers an effective alternative to government-mandated regulation of online privacy.

In some of the upcoming installments we will be exploring the privacy controls embedded in the major web browsers consumers use today: Microsoft's Internet Explorer (IE) 8, the Mozilla Foundation's Firefox 3, Google's Chrome 1.0, and Apple's Safari 4. In evaluating these browsers, we will examine two types of privacy features:

We will first be focusing on the default features and functions embedded in the browsers. We plan to do subsequent installments on the various downloadable "add-ons" available for browsers, as we already did for AdBlock Plus in the second installment of this series.

In this installment, we'll be taking a look at the privacy-related features in the most popular browser in use today, Microsoft's Internet Explorer. Specifically, we'll be examining the most recent version of the browser, IE 8, Release Candidate 1. We'll make it clear which features are new to IE 8 and those which are shared with IE 7.

Basic Background

Microsoft's Internet Explorer browser was launched in 1995 and quickly became America's most popular web browser, displacing Netscape's Navigator browser. In recent years, IE has faced new challenges from the Mozilla Foundation's "Firefox" browser, Apple's "Safari", the "Opera" browser, and others. (For an excellent history / timeline of web browsers, click here.) Despite these new challenges, IE still commands over 70% of the browser market. Like most other web browsers, Internet Explorer is free. So too are the features we are describing here.

Before we get further in the discussion of privacy controls, it's important for readers to understand the difference between "first-party" and "third-party" content on webpages. Many webpages today contain a combination of content from many different websites, which enables powerful "Web 2.0" functionality like an interactive Google map displayed along with an address or a "Digg This" link in a blog post. Third-party content can also be used to track users across websites and to serve up advertising. All content loaded from the same domain as is displayed in the Address bar is first-party content. All content loaded from other domains is third-party content. Internet Explorer has a "Privacy Report" function that can show you the source for all the different content elements in the current webpage. To access it, select Webpage Privacy Policy from IE7's Page menu or IE8's View menu.

Basic Cookie Management Controls

To access Internet Explorer's basic cookie management and privacy settings, open the "Tools" menu, click "Internet Options," and then click on the "Privacy" tab to display the following options:

Users can configure the slider on the upper left-hand side of the window to establish their preferred level of cookie privacy. There are 6 options on the sliding scale from which to choose. Starting from the top of the slider bar:

(1) "Block all cookies" -- Blocks IE from receiving any new cookies and blocks websites from reading any existing cookies on your computer. (Of course, that would greatly inconvenience users that regularly access websites that require information from the user, such as a Web-based email site that requires users to log in every time they access the website.)

(2) "High" -- Blocks all cookies from websites that do not have a P3P compact privacy policy or that have a compact privacy policy which specifies that personally-identifiable information is used without your explicit consent. Cookies already on your computer can only be read by the site that created them.

(3) "Medium High" -- "Blocks third-party cookies that do not have a compact privacy policy," "Blocks third-party cookies that save information that can be used to contact you without explicit consent," and "Blocks first-party cookies that save information that can be used to contact you without your implicit consent."

(4) "Medium" -- This setting "Blocks third-party cookies that do not have a compact privacy policy," "Blocks third-party cookies that save information that can be used to contact you without your explicit consent," and "Restricts first-party cookies that save information that can be used to contact you without your implicit consent."

(5) "Low" -- This setting "Blocks third-party cookies that do not have a compact privacy policy" and "Restricts third-party cookies that save information that can be used to contact you without implicit consent."

(6) "Allow all cookies" -- This setting allows all cookies from any website.

A P3P compact privacy policy is a machine-readable summary of the full P3P specification, which is a standardized method for explaining a website's privacy policy. So when IE states that it will "block[] third-party cookies that save information that can be used to contact you without your explicit consent," it means that the cookie will be blocked unless the site has a P3P compact privacy policy that either indicates that only non-identifiable (NOI) information is collected, or that for every data collection PURPOSE and every type of RECIPIENT that the website shares collected data with, the site's policy is that the user must opt in ("explicitly consent") to the practice.

When the slider bar is set anywhere other than the "High" and "Low" levels, users can also click the "Sites" button and then specify different cookie security levels for individual websites. The advantage of this approach is that it lets users create their own personal "white lists" and "black lists" of sites for which they either never want cookies blocked, or for which they always want cookies blocked. This increases the privacy-configurability of the browsing experience. For example, the following screen shows two sites that have been whitelisted and two hypothetical sites that have been blacklisted.

In addition, if the user wishes to manually delete their cookies, web browsing history, form data, personal passwords, or other stored information, they can do so on the "General" tab under the "Browsing History" section. Or, in the new IE 8, they can do so under the new "Safety" drop-down menu (in the Command toolbar) under the first option, "Delete Browser History." They can also configure IE 8 so that all of this data is deleted each time the browser is closed (essentially converting "persistent cookies" into "session cookies," concepts Adam Marcus has explained previously). The following screen shows how this user is choosing to delete just their temporary Internet files, cookies, and browsing history. Favorite websites are websites the user has bookmarked.

Using these controls, a particularly privacy-sensitive user who only trusted two or three sites-say, their bank and their employer's website-could allow cookies for only those sites and block cookies for all other websites. Again, this assumes that they do not mind the potential hassles associated with logging-in to many other sites each time they visit or losing custom preferences that would otherwise be stored in a cookie.

Advanced Private Browsing Features

"InPrivate Browsing": Privacy from Other Users of Your Computer

Internet Explorer 8 also offers some new privacy-related features. One of them is called InPrivate Browsing mode (akin to "Incognito" mode in Chrome), which protects so-called "over the shoulder" privacy, although that's a somewhat misleading term. By not saving any record of your web browsing while InPrivate Browsing mode is turned on, this feature ensures that others with access to your computer will not know what websites you have accessed. Some people like being able to refer to their browser history and don't want to delete all of their cookies, but want to hide all traces of some of their browsing activities-such as shopping online for a surprise gift, searching for information about a medical condition you don't want to disclose and, most obviously, enjoying pornography).

When the InPrivate Browsing mode is enabled, none of the varieties of "browsing history" data is saved-but none of your previous history is deleted, either. This comes in handy because, if someone with direct access to your computer is monitoring your browser history to see what you've been up to, deleting all of your browsing history would suggest that you've been doing something you wanted to hide. But InPrivate Browsing mode allows you to surf anonymously when desired-without making it obvious that you're doing so. Parents who are concerned about their kids using the InPrivate Browsing mode can use the parental controls in Windows Vista to disable it. But there does not appear to be a way to disable InPrivate Browsing on Windows XP.

Below is a screenshot of the InPrivate Browsing mode-which, again, can be enabled by clicking on the new "Safety" drop-down menu in IE 8 and selecting "InPrivate Browsing."

Today websites increasingly pull content in from multiple sources, providing tremendous value to consumer and sites alike. Users are often not aware that some content, images, ads and analytics are being provided from third party websites or that these websites have the ability to potentially track their behavior across multiple websites. InPrivate Filtering provides users an added level of control and choice about the information that third party websites can potentially use to track browsing activity.

InPrivate Filtering is off by default and must be enabled on a per-session basis. To use this feature, select InPrivate Filtering from the Safety menu.

In "Automatically Block" mode, InPrivate Filtering will automatically block a site if IE finds that site's content embedded in more than a user-specified number of other sites (the default is 10) visited by the user. You can also manually control which sites are blocked, and import and export your list of white/blacklisted sites to share that list with others.

The beta version of IE8 included a subscriptions feature that would have allowed users to automatically receive updated white or blacklists from others-much like the subscription feature in AdBlock Plus that we discussed previously. However, this functionality was removed in the "Release Candidate 1" version of IE8 (released Jan. 26, 2009) for unspecified reasons. While we recognize that not every beta feature makes it into final releases because of challenges in implementation, we very much hope Microsoft will ultimately add the subscription feature to Internet Explorer 8. InPrivate Filtering goes a long way in empowering truly privacy-sensitive users to take more granular control over their own privacy, but a subscription feature would allow less sophisticated users to rely on groups or other individuals they trust to help them avoid specific sites according to their concerns about privacy or security. Indeed, we hope that other browser manufacturers consider incorporating such tools into their browsers. Perhaps the privacy advocates who currently focus on inventing one-size-fits-all regulatory or legislative solutions could channel their enthusiasm about user privacy into actually developing whitelists and blacklists.

Cross Site Scripting (XSS) filter - Cross-site scripting attacks allow hackers to "inject" malicious scripts into trusted websites, which can then steal the account credentials of users who access these websites. XSS attacks are dangerous because everything looks fine to users and the attackers can gain almost complete access to users' computers. The XSS filter in IE constantly scans the data received from websites to determine if there is a likely XSS attack and re-writes the data to neutralize the attack.

ActiveX Opt-In - By default, ActiveX Opt-In disables most ActiveX controls. When a Web page tries to run an ActiveX control, the following text is displayed in an Information Bar: "This website wants to run the following add-on 'ABC Control' from 'XYZ Publisher.' If you trust the website and the add-on and want to allow it to run, click here ..." The user can then choose whether or not to run the ActiveX control.

Per-Site ActiveX - If a website tries to access an installed ActiveX control that is not permitted to run on the website, this new feature in IE 8 gives the user the option of blocking the attempt, allowing the ActiveX control for the current site, or to allow all websites to access the ActiveX control.

Domain Highlighting - The domain name of the site you're viewing is highlighted in the address bar. By making it clearer to the user which website they're accessing, this feature serves to protect users against phishing attacks from domain names that look like trusted domain names (e.g., www.paypal.com.hax0r.net, which is not PayPal's actual website).